Thursday 30 April 2015

Department of Homeland Security Wants to Build Stronger Ties to Silicon Valley, Beginning With Encryption

Washington made yet another trek to Silicon Valley last week and has laid plans to stay.

Secretary Jeh Johnson
On April 21, United States Secretary of Homeland Security Jeh Johnson spoke at RSA’s annual security conference and openly acknowledged that a lack of answers and talent within the government has led it to seek closer ties with the tech industry: “Today I am pleased to announce that the Department of Homeland Security is also finalizing plans to open up a satellite office in Silicon Valley, to serve as another point of contact with our friends here. We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other’s research and development. And we want to convince some of the talented workforce here in Silicon Valley to come to Washington.”

His speech consisted of laundry list reminders of how the US government has supported the private sector before concluding in a carefully worded plea: “Now, finally, I have an ask: for your indulgence and your understanding on the subject of encryption. The Department of Homeland Security has both the cybersecurity mission and a law enforcement/counterterrorism mission for the American people. We have feet in both camps. I therefore believe I have a good perspective on this issue. The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security.
“Let me be clear: I understand the importance of what encryption brings to privacy. But, imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail. Our inability to access encrypted information poses public safety challenges. In fact, encryption is making it harder for your government to find criminal activity, and potential terrorist activity. We in government know that a solution to this dilemma must take full account of the privacy rights and expectations of the American public, the state of the technology, and the cybersecurity of American businesses. We need your help to find the solution.” 

At surface level, Secretary Johnson merely asked for help in finding a solution to a problem, but the underlying message was clear: the tech industry’s current trajectory of securing the internet via encryption is making DHS’s job more difficult. The US government would like an all-access pass to the internet and is willing to draw on a collective fear of crime and terrorism to try to get encryption back and front doors.

Secretary Johnson posited that his joint interests in cybersecurity, law enforcement, and counterterrorism help him to clearly understand the delicate balance between freedom, privacy, and security, but instead his vision seems to be narrowed and clouded by these very factors. His speech, which included references to Abraham Lincoln and 1995’s Oklahoma City bombing, revealed an approach to cybersecurity rooted in the way things have always been, which is precisely how the United States government has repeatedly gone wrong.

Secretary Johnson was right to identify his ask regarding encryption as an “indulgence”; as such, he should not be surprised when Silicon Valley doesn't respond favorably. According to the New York Times, in the words of Amit Yoran, president of RSA, “There is no sane argument for weakening encryption. Period.”

Yoran’s keynote address at the RSA conference concluded with a truth regarding cybersecurity that continues to evade Washington: “This is not a technology problem; this is a mindset problem. The world has changed.” Yoran acknowledged that we live in a time of data breaches not because of a lack of technology, but because of how we approach cybersecurity. We need to focus on strong authentication and enhanced external threat intelligence, not on building exploitable government back doors into our secure communications. We need to think proactively, not defensively.

Yoran summarized the reality of modern cybersecurity as such: “Simply put, and for all practical purposes, we can neither secure nor trust the pervasive complex and diverse endpoint participants in any large and distributed computing environment, let alone the transports and protocol through which they interact. That is the situation that we’re in today.” And that statement alone is why we cannot weaken encryption for the sake of DHS. Secretary Johnson needs to realize that the internet is a tool for everyone and that internet users deserve access to encryption without fear of government back doors. Secretary Johnson believes privacy should be compromised for security when in reality greater privacy will in turn lead to enhanced security.

This year’s RSA conference attracted a record-setting 33,000 people, proof that the movement to strengthen internet security has gained momentum. Let’s hope that some of those privacy-minded attendees become the talented Silicon Valley workforce that talk some sense into Washington.

No comments:

Post a Comment